helms-deep's People
helms-deep's Issues
Add KeycloakClient mappers to HELMS DEEP client
Need two OIDC mappers - preferred_username
and name
.
name
will be the 'full name' OIDC built-in mapper. This gives a nice user name in the top left of the console when logged in.
Figure out how to create those mappers in the KeycloakClient
CR, if it's actually possible.
Add supervisor cluster to ACS
ACS is deployed empty, so far. Adjust the automation to automatically add the hosting cluster as a monitored cluster for ACS.
Deploy Ansible Automation Platform on the supervisor cluster
Deploy AAP on the Supervisor cluster. Need more detail here.
Deploy the logging operator
To use the log forwarding API, we need the logging operator in the supervisor cluster. Add it to the bootstrap playbook.
Integrate SSO into ACM
Determine what config changes are necessary to integrate ACM with the SSO realm. Make those changes so that ACM authenticates users against the SSO realm.
Deploy Gitea on the supervisor cluster
ACM needs a Git source to pull from for its channels. Using the helms-deep-resources repository isn't suitable, as if we want to demonstrate synchronisation with Git we need something that we can modify and update.
Use the Gitea operator (or upstream equivalent) to deploy Gitea on the supervisor cluster during bootstrap.
We'll use this as the source of truth for both:
- Ansible Tower Projects
- ACM application resources
We'll use Gitea to import the upstream repositories as the 'base' repositories. Then the demonstrators can modify the repositories locally as much as they want.
Deploy an empty ELK stack on the supervisor
Deploy an empty ELK stack on the supervisor cluster, separate to the stack used by the logging operator. This is to simulate an external sink for audit/log data (e.g. Splunk).
Satellite clusters, and the supervisor cluster, would have their LogForwarding API to push to this ELK stack.
Integrate SSO into ACS
Determine how to enable SSO via OIDC in ACS; make those changes to have ACS authenticate to the SSO realm.
A new KeycloakClient
and associated secret will be needed.
Disable new project creation for non-cluster admins on the supervisor cluster
Per the title. Don't allow randoms who have logged in to be able to create projects - or, indeed, to see anything.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.